Over a third of organizations are seeing email-based attacks hit their inbox daily, new data shows. IT professionals now say they need to remediate an email-based attack every day –including suspending compromised email accounts.
Email remains the go-to vector for malicious actors, a finding supported yet again in a recent study by GreatHorn. The firm collected data from over 640 security, IT and c-suite professionals to analyze new threat vectors, common issues affecting the industry at large, and emerging strategies for targeted attacks.
In a key finding, researchers discovered that email impersonation is wreaking havoc on email inboxes, as the professional community works remotely and disparately.
“Email impersonations present the perfect way for opportunistic fraudsters to take advantage of human vulnerabilities,” the report says. “Although there are infinite variations of impersonation attacks, each one relies on an end users' misguided trust in surface appearance and quick reactions to emails.”
Phishing, whaling and/or business email compromise (BEC) continueo flourish, with over a third of respondents (35.1%) ranking impersonation attacks as their top email threat in 2020. Some 42% report seeing impersonations of well-known brands in their inbox – a sharp rise from just 22.4% in 2019.
“Both people and brand impersonations remain difficult to detect as they appeal to authority and urgency, utilize a known contact name and depend on the systematic lack of education among non-technical recipients,” researchers said.
As email-borne attacks skyrocket, IT decision makers are also bolstering remediation efforts. 35.8% report seeing phishing, impersonations, credential theft, spoofing, malware, ransomware or other email threats in their inbox on a daily basis – up from 24.3% last year. Respondents said they need to remediate an email-based attack every day – including suspending compromised email accounts, running PowerShell scripts, resetting compromised application accounts, legal action and more. This marks a 165% increase from 2019, when only 12.7% reported having to remediate an email-based attack daily.
Just as notable, 40% of respondents said the biggest problem with their current email security solution was missing payload attacks such as malware, malicious attachments and links.
As more employees work from home and possibly many more will want to in the future, infosec professionals are concerned about the security implications. In a survey sponsored by Bitdefener, more than one in three (34%) IT pros say they fear that employees are feeling more relaxed about security issues because of their surroundings, while others say that employees not sticking to protocol, especially in terms of identifying and flagging suspicious activity, is a worry (33%).
GravityZone Email Security delivers complete business email protection that goes beyond malware and other traditional threats such as spam, viruses, large-scale phishing attacks and malicious URLs. It also stops modern, targeted and sophisticated email threats including Business Email Compromise (BEC) and CEO impersonation-type attacks.